<?php    			
require_once("database.include.php");
	
	//TODO: try
			//TODO: validations which throw exceptions on failure
			// Login consists of two two factors - a token encryption check and a user/password check
		
			// First check, tokent encryption.  To do this, we'll need to lookup the user's private key.
			// DB Call to get user public key
			//$stmt = $conn->prepare("SELECT public_key FROM USERS WHERE user_name = ?)");
			//$stmt->execute(array(publicKey));
		
			// With their private key, we can decrypt stuff encrypted by the user with their private key.
			// We ask the user to encrypt a token we sent them.  They will provide the token, and an encrypted form of that token.
			// We then decrypt the encrypted token to verify a match (if the user has the appropriate private key, this decrypted
			// token will match).
		
			// Call function to decript encrypted token with retreived public key
			//decryptedToken = decrypt(encryptedToken, publicKey);
		
			// Check for match - indicating that the provided encrypted token was indeed encrypted with the user's private key
			//if token != decryptedToken then {
			//	echo "tokenMismatch";
			//} else {
				// Token matched, user has private key and signed token correctly.  Match ID/Password
		
				// We now procede to the username/password matching.  Passwords are SHA1 hashed, so they're not in the clear.
				// We don't know what the password was that they typed, we simply match hashes.
				// Check for username and password match
			
				
				$sql = "SELECT name FROM user WHERE name = '".$_SESSION["username"]."' and password = '".$_SESSION["password"]."'";
				$stmt = $conn->prepare($sql);
				$stmt->execute();
				$count = $stmt->rowcount();
    			if ($count == 1) {
    				//Sucessful Login
				} else {
					//Failed Login
					header( 'Location: http://privr.city-score.com/' ) ;
				}
	//TODO: catch, redirect to login page with query string error
?>